/**
 * Handles the successful callback from the OAuth2 server and logs the user in.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>When {@code config.isLoginWithAccessToken()} is true, the {@code code} parameter must be
 *       non-empty and {@code codeVerifier.verifyCode} must return a non-null {@link AccessToken}.</li>
 *   <li>The {@code id_token} parameter must be non-empty.</li>
 *   <li>The id_token is passed to {@code idTokenVerifier.verifyIdToken}; its result and the
 *       access token (possibly {@code null}) are passed to {@code authenticate}, and the
 *       resulting authentication to {@code login}.</li>
 * </ol>
 *
 * <p>NOTE(review): the code is handed to {@code codeVerifier} before the id_token is checked for
 * presence, so a callback that carries a code but no id_token still reaches the code verifier.
 * Presumably that call redeems the code at the token endpoint; confirm the ordering is intended.
 *
 * <p>NOTE(review): no {@code state} or {@code nonce} comparison is visible in this method.
 * Confirm that the caller or {@code idTokenVerifier} performs those checks.
 *
 * @param request  the current request, forwarded to {@code login} and {@code error}
 * @param response the current response, forwarded to {@code login} and {@code error}
 * @param params   the parameters received from the OAuth2 server
 * @return {@code State.CONTINUE} after a successful login, otherwise the result of {@code error}
 * @throws Throwable anything thrown by the collaborators other than a {@link TokenVerifyException}
 *                   raised inside the id_token verification / login section
 */
protected State handleOAuth2ServerSuccess(Request request, Response response, OAuth2Params params) throws Throwable {
    AccessToken accessToken = null;

    // The access token is optional: it is only obtained when the configuration asks for it.
    if (config.isLoginWithAccessToken()) {
        final String authorizationCode = params.getCode();
        if (Strings.isEmpty(authorizationCode)) {
            return error(request, response, "illegal_state", "code required from oauth2 server");
        }

        accessToken = codeVerifier.verifyCode(authorizationCode);
        if (accessToken == null) {
            return error(request, response, "illegal_state", "invalid authorization code");
        }
    }

    // The id_token is mandatory whether or not an access token was requested.
    final String rawIdToken = params.getIdToken();
    if (Strings.isEmpty(rawIdToken)) {
        return error(request, response, "illegal_state", "id_token required from oauth2 server");
    }

    State outcome;
    try {
        final IdToken verifiedIdToken = idTokenVerifier.verifyIdToken(params, rawIdToken);
        final Authentication authentication = authenticate(params, verifiedIdToken, accessToken);
        login(request, response, authentication);
        outcome = State.CONTINUE;
    } catch (TokenVerifyException e) {
        // NOTE(review): the exception message is forwarded to error(); confirm error() does not
        // render verifier details to the end user without escaping.
        outcome = error(request, response, e.getErrorCode().name(), e.getMessage());
    }
    return outcome;
}